/*
 * This file is part of Dependency-Track.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *   http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *
 * SPDX-License-Identifier: Apache-2.0
 * Copyright (c) OWASP Foundation. All Rights Reserved.
 */
package org.dependencytrack.tasks;

import alpine.common.logging.Logger;
import alpine.event.framework.Event;
import alpine.event.framework.Subscriber;
import org.dependencytrack.event.AbstractVulnerabilityManagementUploadEvent;
import org.dependencytrack.integrations.FindingUploader;
import org.dependencytrack.integrations.PortfolioFindingUploader;
import org.dependencytrack.integrations.ProjectFindingUploader;
import org.dependencytrack.model.Finding;
import org.dependencytrack.model.Project;
import org.dependencytrack.persistence.QueryManager;
import org.slf4j.MDC;

import javax.jdo.Query;
import java.io.InputStream;
import java.util.List;

import static org.dependencytrack.common.MdcKeys.MDC_PROJECT_NAME;
import static org.dependencytrack.common.MdcKeys.MDC_PROJECT_UUID;
import static org.dependencytrack.common.MdcKeys.MDC_PROJECT_VERSION;

public abstract class VulnerabilityManagementUploadTask implements Subscriber {

    private static final Logger LOGGER = Logger.getLogger(VulnerabilityManagementUploadTask.class);

    protected void inform(final Event e, final FindingUploader findingsUploader) {
        if (!(e instanceof AbstractVulnerabilityManagementUploadEvent)) {
            return;
        }

        try (final var qm = new QueryManager()) {
            findingsUploader.setQueryManager(qm);
            if (!findingsUploader.isEnabled()) {
                return;
            }

            if (findingsUploader instanceof final PortfolioFindingUploader portfolioFindingUploader) {
                final InputStream payload = portfolioFindingUploader.process();
                portfolioFindingUploader.upload(payload);
            } else if (findingsUploader instanceof final ProjectFindingUploader projectFindingUploader) {
                processProjects(qm, projectFindingUploader);
            }
        }
    }

    private void processProjects(final QueryManager qm, final ProjectFindingUploader uploader) {
        List<Project> projects = fetchNextProjectBatch(qm, null);

        while (!projects.isEmpty()) {
            if (Thread.currentThread().isInterrupted()) {
                LOGGER.warn("Interrupted before all projects could be processed");
                break;
            }

            for (final Project project : projects) {
                try (var ignoredMdcProjectUuid = MDC.putCloseable(MDC_PROJECT_UUID, project.getUuid().toString());
                     var ignoredMdcProjectName = MDC.putCloseable(MDC_PROJECT_NAME, project.getName());
                     var ignoredMdcProjectVersion = MDC.putCloseable(MDC_PROJECT_VERSION, project.getVersion())) {
                    if (Thread.currentThread().isInterrupted()) {
                        LOGGER.warn("Interrupted before project could be processed");
                        break;
                    }

                    processProjectFindings(qm, uploader, project);
                }
            }

            qm.getPersistenceManager().evictAll(false, Project.class);
            projects = fetchNextProjectBatch(qm, projects.getLast().getId());
        }
    }

    private void processProjectFindings(final QueryManager qm, final ProjectFindingUploader uploader, final Project project) {
        if (!uploader.isProjectConfigured(project)) {
            return;
        }

        LOGGER.debug("Initializing integration point: " + uploader.name());
        final List<Finding> findings = qm.getFindings(project);
        final InputStream payload = uploader.process(project, findings);

        LOGGER.debug("Uploading findings to " + uploader.name());
        uploader.upload(project, payload);
    }

    private List<Project> fetchNextProjectBatch(final QueryManager qm, final Long lastId) {
        // TODO: Shouldn't we only select active projects here?
        //  This is existing behavior so we can't just change it.

        final Query<Project> query = qm.getPersistenceManager().newQuery(Project.class);
        if (lastId != null) {
            query.setFilter("id > :lastId");
            query.setParameters(lastId);
        }
        query.setOrdering("id asc");
        query.setRange(0, 100);

        try {
            return List.copyOf(query.executeList());
        } finally {
            query.closeAll();
        }
    }

}
